On May 12, 2022, the European Data Protection Board published guidelines with a methodology for calculating fines for violations of the General Data Protection Regulation (GDPR). These guidelines were subject to a public consultation until June 27, 2022.
Because these guidelines are likely to have an influence on future decisions by data protection authorities in
In the continuing absence of Congressional action on a comprehensive U.S. federal privacy law, five states have now enacted their own laws. We previously provided a summary of the California, Virginia, and Colorado laws (available here), and Connecticut and Utah have since enacted new privacy laws. The Connecticut Act Concerning Personal Data Privacy and
As cyberattacks from a myriad of sources continue to proliferate and target organizations of all types and sizes, the Cybersecurity and Infrastructure Security Agency (CISA) continues to update its Shield’s Up webpage with specific cybersecurity guidance for organizations, CEOs, business leaders, and individuals. The stated goal is to “reduce the likelihood of a damaging cyber
After the EU-U.S. Privacy Shield was rendered invalid by the Court of Justice of the European Union (CJEU) in July 2020, and following a prior challenge to the U.S.-EU Safe Harbor, many businesses operating on both sides of the pond scrambled to find other ways to protect data flows between the EU and U.S. that
Keller and Heckman partner Sheila Millar and counsel Mike Gentine wrote the Inhouse Defense Quarterly article, “The Right to Repair: Implications for Consumer Product Safety and Data Security. The article examines the potential effects of President Biden’s July 9, 2021, executive order that aims to expand consumers’ “right to repair.” Advocates of the right to
Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead
In a recent Law360 article, Sheila Millar discusses a proposal from the British Information Commissioners Office (ICO) that significantly restricts how information society services deemed likely to be accessed by children must handle the data they collect, use, and share. In “UK’s Proposed Age-Appropriate Data Code Would Be Onerous” (July 3), she delves into how
The Federal Trade Commission (FTC) recently released its annual report highlighting its work on privacy and data security during 2018. The FTC initiated five enforcement actions arising out of data breaches and nine data privacy enforcement actions in 2018, including cases against online payment system Venmo and mobile phone maker BLU for misrepresenting their privacy
Small businesses face the same cybersecurity risks as large multinationals but lack a large IT infrastructure to help protect themselves. At the direction of former Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen, the FTC launched a new cybersecurity campaign aimed at helping small businesses navigate the ever-evolving cyber landscape, coordinated with the Department of
This week has seen several significant changes at the Commission level at both the Consumer Product Safety Commission (CPSC) and the Federal Trade Commission (FTC).
CPSC
After several months of stasis, the Senate voted to confirm Peter Feldman as a Commissioner on the CPSC, with a term expiring October 26, 2019. Feldman takes the place
